Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities' employer.
Cyber Security Policy and Standards Analyst
Utilities
Hybrid
6 months
£500 per day Umbrella
In short: Analyst with experience of creating and maintaining cyber security policy, standards and procedures in a regulated environment. You'll be translating technical details into simple English that non-technical stakeholders will understand focusing primarily on cyber defence ie Incident Response and Management.
In full: OFGEM outline the expected control areas that we will operate as a business, whether this is as part of our critical national infrastructure, operational technology or information technology. As a Policy and Standards Senior Analyst with cyber security knowledge, you will be able to make the link between what these regulations require and how we need to operate and translate the regulations into polices and actionable standards and controls for our colleagues.
Reporting to the Cyber Security Policy and Standards Lead you will be part of a team creating and implementing all ISMS components on behalf of the CISO function as part of the overall cyber policy framework within the organisation.
You will be accountable for the:
- Writing and introduction of new security policies and sub-policies
- Writing and introduction of new standards and related procedures
- Effective working with SME's across the organisation to identify create and agree items for the ISMS
- Updating and maintaining the ISMS policy and compliance repository
- Monitoring compliance and identifying areas of non-compliances and raising with appropriate stakeholders to ensure they are understood, escalated as necessary and acted upon
- Developing all documentation in a simple, plain English manner so that colleagues find the documentation of use and follow its purpose
- Assist with training, awareness and attestations of the ISMS across the organisation
The successful candidate will be process orientated, organised, and have excellent communication skills.
What is important for us: Security First - Our team focusses on security in everything we do, and we take it seriously. We have regulatory commitments, built into legislation that we must abide by, and we are reviewed against these regulatory commitments.
Agility - We want to have a lean organisation that can adapt and change. We need our people to be adaptable to help us achieve this.
Ownership - The nation trusts us with what we do. If everything works well, then we do not have to demonstrate this. We expect that everyone completely owns the activities that they are responsible for.
Essential Experience:
- Broad knowledge of IT Security with demonstrable experience in a cyber security environment (preferably with Operational Technology experience).
- An understanding of Cyber Security Legislation (NIS is preferable)
- Demonstrable experience of cyber security frameworks including NIST, CAF, ISO27001
- Demonstrable experience of ISA/IEC 62443
- Experience of using GRC management tooling
- Ability to plan, organise and follow through on assigned tasks
- Excellent stakeholder management and communication skills.
Preferred Experience:
- Use of ServiceNow GRC Modules to manage and maintain ISMS implementation and compliance.
Qualifications:
- Security Certifications - CISSP or equivalent